April 19, 2013

LulzSec Hacker Sentenced To One Year In Slammer For Sony Scam

Another hacker was brought to justice yesterday when a judge sentenced 25-year old Cody Kretsinger to one year in prison for his role in attacking Sony´s network in June 2011. The group of self-proclaimed “hacktivists” broke into Sony´s networks nearly three years ago and posted private information of Sony customers in an attempt to prove a point about Sony´s weak security measures.

Kretsinger, who goes by the moniker “Recursion” when he´s behind a computer screen, has also been ordered to perform 1,000 hours of community service once he´s served his one-year sentence, reported Reuters. Another hacker involved in the Sony attack who pleaded guilty in October is set to be sentenced on May 16.

Kretsinger pleaded guilty to one count each of conspiracy and unauthorized impairment of a protected computer last April as a part of a plea bargain. He was arrested just months after the attack on Sony left the private information of more than 37,000 Sony customers open to the public. This attack followed an earlier breach which left the information of more than 100 million PlayStation Network and Qricity accounts vulnerable online.

LulzSec, an offshoot of the larger hacktivist collective Anonymous, said they performed the crime and put thousands of innocent customers´ data at risk in order to shame Sony.

“From a single injection we accessed EVERYTHING,” the hacking group said in a statement at the time. “Why do you put such faith in a company that allows itself to become open to these simple attacks.”

A spokesperson for LulzSec claimed Sony had stored the information of thousands of people in plaintext files, making them easy to access.

“They were asking for it,” said LulzSec of Sony.

Sony had acquired the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered different contests hosted by Sony. At the time LulzSec also claimed responsibility for similar attacks against Fox.com and PBS television.

After he was arrested in Tempe, Arizona, Kretsinger was released following an initial court appearance. As a condition of his release, he was prohibited from accessing the Internet except while at work.

To find hackers involved in other attacks, the FBI has taken to recruiting convicted hackers to to go after their former peers. For instance, Hector Xavier Monsegur was another former member of LulzSec who also played a role in the Sony attacks. After he was arrested and pleaded guilty to his involvement in the attacks, he was given leniency in exchange for helping the FBI track down other members of the organization.

Monsegur — better known to peers by his web pseudonym Sabu — led law officials to fellow hackers Ryan Cleary and Ryan Ackroyd. Cleary was arrested for violating bail when he communicated with Sabu in an internet chat room via cell phone. Monsegur told Cleary that he hadn´t been arrested and wasn´t under investigation by the FBI.

Ryan Ackroyd pleaded guilty to computer hacking earlier this month, and he along with several other hackers are due to be sentenced on May 14.

According to Reuters, prosecutors are not saying whether Kretsinger is acting in a similar role to point officials to other hackers.